Vulnerability Details CVE-2018-20242
A carefully crafted URL could trigger an XSS vulnerability on Apache JSPWiki, from versions up to 2.10.5, which could lead to session hijacking.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.014
EPSS Ranking 79.6%
CVSS Severity
CVSS v3 Score 6.1
CVSS v2 Score 4.3
References
- http://www.securityfocus.com/bid/106804
- https://lists.apache.org/thread.html/8ee4644432c0a433c5c514a57d940cf6dcb0a0094acd97b36290f0b4%40%3Cuser.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E
- http://www.securityfocus.com/bid/106804
- https://lists.apache.org/thread.html/8ee4644432c0a433c5c514a57d940cf6dcb0a0094acd97b36290f0b4%40%3Cuser.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/aac253cfc33c0429b528e2fcbe82d3a42d742083c528f58d192dfd16%40%3Ccommits.jspwiki.apache.org%3E
- https://lists.apache.org/thread.html/e42d6e93384d4a33e939989cd00ea2a06ccf1e7bb1e6bdd3bf5187c1%40%3Ccommits.jspwiki.apache.org%3E
Products affected by CVE-2018-20242
-
cpe:2.3:a:apache:jspwiki:-
-
cpe:2.3:a:apache:jspwiki:1.4.0
-
cpe:2.3:a:apache:jspwiki:1.5.0
-
cpe:2.3:a:apache:jspwiki:1.5.5
-
cpe:2.3:a:apache:jspwiki:1.5.7
-
cpe:2.3:a:apache:jspwiki:1.6.0
-
cpe:2.3:a:apache:jspwiki:1.6.11
-
cpe:2.3:a:apache:jspwiki:1.6.12
-
cpe:2.3:a:apache:jspwiki:1.7.0
-
cpe:2.3:a:apache:jspwiki:1.8.0
-
cpe:2.3:a:apache:jspwiki:1.8.2
-
cpe:2.3:a:apache:jspwiki:2.0.0
-
cpe:2.3:a:apache:jspwiki:2.0.14
-
cpe:2.3:a:apache:jspwiki:2.0.32
-
cpe:2.3:a:apache:jspwiki:2.0.36
-
cpe:2.3:a:apache:jspwiki:2.0.39
-
cpe:2.3:a:apache:jspwiki:2.0.45
-
cpe:2.3:a:apache:jspwiki:2.10.0
-
cpe:2.3:a:apache:jspwiki:2.10.1
-
cpe:2.3:a:apache:jspwiki:2.10.2
-
cpe:2.3:a:apache:jspwiki:2.10.3
-
cpe:2.3:a:apache:jspwiki:2.10.4
-
cpe:2.3:a:apache:jspwiki:2.10.5
-
cpe:2.3:a:apache:jspwiki:2.2.13
-
cpe:2.3:a:apache:jspwiki:2.2.14
-
cpe:2.3:a:apache:jspwiki:2.2.16
-
cpe:2.3:a:apache:jspwiki:2.2.19
-
cpe:2.3:a:apache:jspwiki:2.2.20
-
cpe:2.3:a:apache:jspwiki:2.2.26
-
cpe:2.3:a:apache:jspwiki:2.2.28
-
cpe:2.3:a:apache:jspwiki:2.2.33
-
cpe:2.3:a:apache:jspwiki:2.3.50
-
cpe:2.3:a:apache:jspwiki:2.4.0
-
cpe:2.3:a:apache:jspwiki:2.4.100
-
cpe:2.3:a:apache:jspwiki:2.4.102
-
cpe:2.3:a:apache:jspwiki:2.4.103
-
cpe:2.3:a:apache:jspwiki:2.4.104
-
cpe:2.3:a:apache:jspwiki:2.4.15
-
cpe:2.3:a:apache:jspwiki:2.4.56
-
cpe:2.3:a:apache:jspwiki:2.4.69
-
cpe:2.3:a:apache:jspwiki:2.4.71
-
cpe:2.3:a:apache:jspwiki:2.4.87
-
cpe:2.3:a:apache:jspwiki:2.5.124
-
cpe:2.3:a:apache:jspwiki:2.5.139
-
cpe:2.3:a:apache:jspwiki:2.5.79
-
cpe:2.3:a:apache:jspwiki:2.5.93
-
cpe:2.3:a:apache:jspwiki:2.6.0
-
cpe:2.3:a:apache:jspwiki:2.6.1
-
cpe:2.3:a:apache:jspwiki:2.6.2
-
cpe:2.3:a:apache:jspwiki:2.6.3
-
cpe:2.3:a:apache:jspwiki:2.6.4
-
cpe:2.3:a:apache:jspwiki:2.8.0
-
cpe:2.3:a:apache:jspwiki:2.8.1
-
cpe:2.3:a:apache:jspwiki:2.8.2
-
cpe:2.3:a:apache:jspwiki:2.8.3
-
cpe:2.3:a:apache:jspwiki:2.8.4
-
cpe:2.3:a:apache:jspwiki:2.9.0
-
cpe:2.3:a:apache:jspwiki:2.9.1